(6 questions)
Question 56
Your company has a project in Azure DevOps for a new application. The application will be deployed to several Azure virtual machines that run Windows Server 2016.
You need to recommend a deployment strategy for the virtual machines. The strategy must meet the following requirements:
Ensure that the virtual machines maintain a consist configuration.
Minimize administrative effort to configure the virtual machines.
What should you include in the recommendation?
Azure Resource Manager templates and the PowerShell Desired State Configuration (DSC) extension for Windows
Deployment YAML and Azure pipeline deployment groups
Azure Resource Manager templates and the Custom Script Extension for Windows
Deployment YAML and Azure pipeline stage templates Explanation:
Explanation:
The Custom Script Extension downloads and executes scripts on Azure virtual machines. This extension is useful for post deployment configuration, software installation, or any other
configuration or management tasks. Scripts can be downloaded from Azure storage or GitHub, or provided to the Azure portal at extension run time. The Custom Script Extension integrates with Azure Resource Manager templates, and can be run using the Azure CLI, PowerShell, Azure portal, or the Azure Virtual Machine REST API.
Incorrect Answers:
B: YAML doesn't work with Azure pipeline deployment groups.
References:
https://docs.microsoft.com/en-us/azure/virtual-machines/extensions/custom-script-windows
Question 57
You have an application that consists of several Azure App Service web apps and Azure functions.
You need to access the security of the web apps and the functions.
Which Azure features can you use to provide a recommendation for the security of the application?
Security & Compliance in Azure Log Analytics
Resource health in Azure Service Health
Smart Detection in Azure Application Insights
Compute & apps in Azure Security Center Explanation:
Explanation:
Monitor compute and app services: Compute & apps include the App Services tab, which App services: list of your App service environments and current security state of each.
Recommendations
This section has a set of recommendations for each VM and computer, web and worker roles, Azure App Service Web Apps, and Azure App Service Environment that Security Center monitors. The first column lists the recommendation. The second column shows the total number of resources that are affected by that recommendation. The third column shows the severity of the issue.
Incorrect Answers:
C: Smart Detection automatically warns you of potential performance problems, not security problems in your web application.
References:
https://docs.microsoft.com/en-us/azure/azure-monitor/app/proactive-diagnostics
Question 58
Your company develops an app for iOS. All users of the app have devices that are members of a private distribution group in Microsoft Visual Studio App Center.
You plan to distribute a new release of the app.
You need to identify which certificate file you require to distribute the new release from App Center.
Which file type should you upload to App Center?
.cer
A successful IOS device build will produce an ipa file. In order to install the build on a device, it needs to be signed with a valid provisioning profile and certificate. To sign the builds produced from a branch, enable code signing in the configuration pane and upload a provisioning profile
(.mobileprovision) and a valid certificate (.p12), along with the password for the certificate.
References:
https://docs.microsoft.com/en-us/appcenter/build/xamarin/ios/
Question 59
You have a private distribution group that contains provisioned and unprovisioned devices.
You need to distribute a new iOS application to the distribution group by using Microsoft Visual Studio App Center.
What should you do?
Request the Apple ID associated with the user of each device.
Register the devices on the Apple Developer portal.
Create an active subscription in App Center Test.
Add the device owner to the organization in App Center.
Explanation:
Explanation:
When releasing an iOS app signed with an ad-hoc or development provisioning profile, you must obtain tester's device IDs (UDIDs), and add them to the provisioning profile before compiling a release. When you enable the distribution group's Automatically manage devices setting, App Center automates the before mentioned operations and removes the constraint for you to perform any
manual tasks. As part of automating the workflow, you must provide the user name and password for your Apple ID and your production certificate in a .p12 format.
App Center starts the automated tasks when you distribute a new release or one of your testers registers a new device. First, all devices from the target distribution group will be registered, using your Apple ID, in your developer portal and all provisioning profiles used in the app will be generated with both new and existing device ID. Afterward, the newly generated provisioning profiles are downloaded to App Center servers.
References:
https://docs.microsoft.com/en-us/appcenter/distribution/groups
Question 60
SIMULATION
You need to create a virtual machine template in an Azure DevTest Labs environment named az400-9940427-dtl1. The template must be based on Windows Server 2016 Datacenter. Virtual machines created from the template must include the selenium tool and the Google Chrome browser.
To complete this task, sign in to the Microsoft Azure portal.
Explanation:
Explanation:
1. Open Microsoft Azure Portal
2. Select All Services, and then select DevTest Labs in the DEVOPS section.
3. From the list of labs, select the az400-9940427-dtl1 lab
4. On the home page for your lab, select + Add on the toolbar.
5. Select the Windows Server 2016 Datacenter base image for the VM.
6. Select automation options at the bottom of the page above the Submit button.
7. You see the Azure Resource Manager template for creating the virtual machine.
8. The JSON segment in the resources section has the definition for the image type you selected earlier.
References:
https://docs.microsoft.com/bs-cyrl-ba/azure//lab-services/devtest-lab-vm-powershell
Question 61
SIMULATION
You need to prepare a network security group (NSG) named az400-9940427-nsg1 to host an Azure DevOps pipeline agent. The solution must allow only the required outbound port for Azure DevOps and deny all other inbound and outbound access to the Internet.
To complete this task, sign in to the Microsoft Azure portal.
Explanation:
Explanation:
1. Open Microsoft Azure Portal and Log into your Azure account.
2. Select network security group (NSG) named az400-9940427-nsg1
3. Select Settings, Outbound security rules, and click Add
4. Click Advanced
5. Change the following settings:
Destination Port range: 8080 Protocol. TCP
Action: Allow
Note: By default, Azure DevOps Server uses TCP Port 8080.
References:
https://robertsmit.wordpress.com/2017/09/11/step-by-step-azure-network-security-groups-nsg-security-center-azure-nsg-network/
https://docs.microsoft.com/en-us/azure/devops/server/architecture/required-ports?view=azure-devops